On Mon, Nov 6, 2023 at 7:06 PM Kris Kwiatkowski <k...@amongbytes.com> wrote:

> So, based on FIPS 140-3 I.G., section C.K., resolution 5, [1]. "SP800-186
> does not impact the curves permitted under SP 800-56Arev3. Curves that are
> included in SP 800-186 but not included in SP 800-56Arev3 are not approved
> for key agreement. E.g., the ECDH X25519 and X448 key agreement schemes
> (defined in RFC 7748) that use Curve25519 and Curve448, respectively, are
> not compliant to SP 800-56Arev3…". This may potentially be a problem, right?
>

SP 800-56Crev2 allows a hybrid mode Z' := Z || T (§2, page 2). "Z" would be
ML-KEM and "T" X25519. That means we have to put ML-KEM first (instead of
X25519 now).
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
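
The ordering described in the reply above (Z' := Z || T, ML-KEM secret first, X25519 secret second), as an added example that is not part of the original message or of any TLS draft. Assumptions: the hash-based one-step KDF from SP 800-56C is used for illustration (the message names no KDF), the `fixed_info` label is hypothetical, and the two secrets are constructed byte strings, not real ML-KEM or X25519 outputs.

```python
import hashlib
import struct

ML_KEM_SS_LEN = 32   # ML-KEM shared secret length in bytes (FIPS 203)
X25519_SS_LEN = 32   # X25519 shared secret length in bytes (RFC 7748)

# Constructed sample values standing in for the two shared secrets.
SAMPLE_Z = bytes(range(0, 32))     # "Z": ML-KEM shared secret (constructed)
SAMPLE_T = bytes(range(32, 64))    # "T": X25519 shared secret (constructed)


def hybrid_secret(z_mlkem: bytes, t_x25519: bytes) -> bytes:
    """Build Z' = Z || T. Both parts are fixed-length, so the split point
    is unambiguous and no length prefix is needed."""
    if len(z_mlkem) != ML_KEM_SS_LEN or len(t_x25519) != X25519_SS_LEN:
        raise ValueError("unexpected shared-secret length")
    return z_mlkem + t_x25519


def one_step_kdf(z_prime: bytes, fixed_info: bytes, out_len: int) -> bytes:
    """One-step KDF, hash option: K(i) = H(counter || Z' || FixedInfo),
    with a 32-bit big-endian counter starting at 1."""
    if out_len <= 0:
        raise ValueError("out_len must be positive")
    out = b""
    counter = 1
    while len(out) < out_len:
        block = struct.pack(">I", counter) + z_prime + fixed_info
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:out_len]


def derive(z_mlkem: bytes, t_x25519: bytes,
           fixed_info: bytes = b"constructed-context",  # hypothetical label
           out_len: int = 32) -> bytes:
    """Derive keying material from the hybrid secret, ML-KEM part first."""
    return one_step_kdf(hybrid_secret(z_mlkem, t_x25519), fixed_info, out_len)


if __name__ == "__main__":
    print("Z || T:", derive(SAMPLE_Z, SAMPLE_T).hex())
    # Swapping the order changes the output, so both peers must agree on it.
    print("T || Z:", derive(SAMPLE_T, SAMPLE_Z).hex())
```
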
